safeKey($domainId); $selKey = $this->safeKey($selector, 32); $disk = Storage::disk('local'); $baseRel = "private/dkim/{$dirKey}"; $privRel = "{$baseRel}/{$selKey}.pem"; $pubRel = "{$baseRel}/{$selKey}.pub"; // 1) Ordner sicherstellen $disk->makeDirectory($baseRel); // 2) Keypair via PHP-OpenSSL (kein shell_exec) $res = openssl_pkey_new([ 'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => $bits, ]); if ($res === false) { throw new \RuntimeException('DKIM: openssl_pkey_new() fehlgeschlagen: ' . (openssl_error_string() ?: 'unbekannt')); } $privateKey = ''; if (!openssl_pkey_export($res, $privateKey)) { throw new \RuntimeException('DKIM: openssl_pkey_export() fehlgeschlagen: ' . (openssl_error_string() ?: 'unbekannt')); } $details = openssl_pkey_get_details($res); if ($details === false || empty($details['key'])) { throw new \RuntimeException('DKIM: Public Key konnte nicht gelesen werden.'); } $publicKeyPem = $details['key']; Log::debug('dkim.pem.first_line', ['line' => strtok($publicKeyPem, "\n")]); Log::debug('dkim.pem.len', ['len' => strlen($publicKeyPem)]); // 3) Schreiben über Storage (legt Dateien an, keine zu langen Pfade in Komponenten) if (!$disk->put($privRel, $privateKey)) { throw new \RuntimeException("DKIM: Private-Key schreiben fehlgeschlagen: {$privRel}"); } if (!$disk->put($pubRel, $publicKeyPem)) { throw new \RuntimeException("DKIM: Public-Key schreiben fehlgeschlagen: {$pubRel}"); } $publicKeyBase64 = self::extractPublicKeyBase64($publicKeyPem); Log::debug('dkim.p.len', ['len' => strlen($publicKeyBase64)]); $dnsTxt = "v=DKIM1; k=rsa; p={$publicKeyBase64}"; // sanity: RSA2048 liegt typ. > 300 chars if (strlen($publicKeyBase64) < 300) { throw new \RuntimeException('DKIM: Public Key zu kurz – vermutlich Parsing-Fehler.'); } return [ 'selector' => $selKey, 'priv_path' => storage_path("app/{$privRel}"), 'pub_path' => storage_path("app/{$pubRel}"), 'public_pem' => $publicKeyPem, 'private_pem' => $privateKey, 'dns_name' => "{$selKey}._domainkey", // vor Domain hängen 'dns_txt' => $dnsTxt, 'bits' => $bits, ]; } protected function safeKey($value, int $max = 64): string { if (is_object($value)) { if (isset($value->id)) $value = $value->id; elseif (method_exists($value, 'getKey')) $value = $value->getKey(); else $value = json_encode($value); } $raw = (string) $value; $san = preg_replace('/[^A-Za-z0-9._-]/', '_', $raw); if ($san === '' ) $san = 'unknown'; if (strlen($san) > $max) { $san = substr($san, 0, $max - 13) . '_' . substr(sha1($raw), 0, 12); } return $san; } protected static function extractPublicKeyBase64(string $pem): string { // Hole den Body zwischen den Headern (multiline, dotall) if (!preg_match('/^-+BEGIN PUBLIC KEY-+\r?\n(.+?)\r?\n-+END PUBLIC KEY-+\s*$/ms', $pem, $m)) { throw new \RuntimeException('DKIM: Ungültiges Public-Key-PEM (Header/Footers nicht gefunden).'); } // Whitespace entfernen → reines Base64 $b64 = preg_replace('/\s+/', '', $m[1]); if ($b64 === '' || base64_decode($b64, true) === false) { throw new \RuntimeException('DKIM: Public Key Base64 ist leer/ungültig.'); } return $b64; } }